similar to: [Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]

-------- Original Message -------- Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP) Date: Fri, 05 Oct 2007 12:17:42 +0530 From: Mohan Sundaram <smohan@vsnl.com> Reply-To: smohan@vsnl.com To: Indunil Jayasooriya <indunil75@gmail.com> References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com> Indunil Jayasooriya wrote: > Hi all, > > I want to run

Hi all, I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as passive ftp. the theroy behind passive ftp is , - FTP server''s port 21 from anywhere (Client initiates connection) - FTP server''s port 21 to ports > 1024 (Server responds to client''s control port) - FTP server''s ports > 1024 from anywhere (Client initiates data

Hi all, I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as passive ftp. the theroy behind passive ftp is , - FTP server's port 21 from anywhere ( Client initiates connection) - FTP server's port 21 to ports > 1024 (Server responds to client's control port) - FTP server's ports > 1024 from anywhere (Client initiates data connection to

Hello, I''m observing a weird bug with ip_nat_ftp in a somewhat more complicated constellation. It''s possible that XEN is also involved in this, but I''m not sure. What I''m trying to do is have XEN guest domains on a host, connected via a bridge into a private network. The the privileged domain attaches to this private network and acts as a NAT router to connect

Hi all! I am a long time lurker, but have not posted until now. My old trusted firewall machine broke a couple of weeks ago and I replaced it with a XEN domU that is using DNAT and has two interfaces. The firewall domU and the FTP server domU are both guests on the same dom0. All three machines are running Debian/etch (stable) and Shorewall has version 3.2.6. I can''t get FTP to work

I've been struggling with my firewall and getting vsftp to work in passive mode. It seems that everything on this hosting server works just fine without the eth0 entry in my iptables except for vsftp in passive. Am I opening up too much by adding the eth0 line? -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT

Hi All How to classify packets belonging to a FTP session? Port 21 session is easy. but what about data transfers? Their port numbers (both) are above 1024. I was thinking about ip_conntrack_ftp. Something like: iptables -A FORWARD -p tcp --sport 1024: --dport 1024: \ -m state --state ESTABLISHED,RELATED -j CLASSIFY --set-class X:Y But what if I also have ip_conntrack_irc, for instance.

Hi, I want to setup a ftp Server on CentOS 4.4. I will have to choose which ftp is IDLE among 3 ftp pkgs that are vsftp,wuftp or proftp? What do you recommend? -- Thank you Indunil Jayasooriya -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070313/453527c8/attachment.html>

I'm having an odd behavior with vsftp on all CentOS 4 servers... maybe 3 too, but I'm not on those much. I am transferring in port mode as I've never managed to get passive to work with a firewall running. Anyway, this is what happens. During normal transfers with few files.. it works perfectly. During the transfer of like a large website with hundreds of files in various

I have a vsftp server hosted on custom dyndns site. We have a 4mb ADSL connection. When I tried to download the files from the ftp server with wan IP address or the dyndns address it downloads some files and disconnects. Please find below an extract from the log file (ace ftp client). I would appreciate if someone could guide me, possibly with a solution for this problem. Many thanks

Dear all, Dear support and users: Sorry to trouble you! I configure the shorewall firewall to forward ftp and ssh port to another server, but failed. Can you help me check? I cannot login both SSH 2222 and ftp! Below is my environment: (attachment is shorewall dump) 1. Gateway (FC6) 1.1) eth0: lan static IP: 192.168.1.20 1.2) eth1: external public static IP:

Hi, I want to setup vsftp on centos 4.5. 2 types of ftp. they are active and pasive. What is the default type ftp type o CentOS ? Is is PASIVE ftp? in /etc/vsftpd/vsftpd.conf, I found below line. What should I do for below line? # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES Should I COMMENT it out? I need a very secure ftp service. YOUR

Hi, I''m using the same set of firewall rules of 2.0.x (sorry, I can''t remember the exact minor version) and put it to work with 2.0.9. And now I can''t do passive ftp (was working before). I see that my NEWNOTSYN is set to Yes, and the loc->net rule is blocking 1024:65535. But I believe with the ip_conntrack_ftp, the passive mode would be allowed, since

Hello I''ve setuped a bridge with iptables + layer + ipp2p + tc I don''t know how to shape passive ftp ? If I put rules on port 20, 21 or using layer 7 iptables accounting still empty ... When I done a tcpdump I can see that othe port than 20 or 21 are used ... Any Ideas of how I can achieve this ? Regards

Hi, I just wanted to share my script with the list. I have been trying to shape outbound passive and active ftp traffic without affecting inbound and lan transfers. I have tried to do this for a long time and it seems that I have finally figured it out. Feel free to comment on the below script if there is anything that can be improved. It seems to work flawlessly so far. #!/bin/bash

Hi, I am trying to use the following script to limit my passive ftp traffic to 35KBytes. Problem is, it kill''s the entire connection on that computer. The script is running on the same machine as the ftp server. I was hoping to limit the ftp traffic, and only the ftp traffic, leaving the computer. It seems to limit everything, i tried transfering a file with samba and the whole

I am trying to mark outbound passive ftp traffic with iptables and shape it to 35KBytes. I am using the following script on the computer that runs the ftp server. It is not working correctly, it seems to limit ALL traffic. Cant file share or anything. Anyone might know what is wrong? #!/bin/bash #shaping passive ftp traffic # mark the outbound passive ftp packets on ports 50000-51000

Hi list, I've a problem with vsftpd on C7.3. This is a dedicated server protected by a Zywall5. SELINUX is disabled. This is my vsftpd configuration: anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_file=/var/log/vsftpd.log xferlog_std_format=YES idle_session_timeout=600

I am trying to control traffic in my server and a doubt came over me... My ftp server is set up in passive mode, so it will randomly choose a port to transfer data (in my case ports 50000-50100)... Is there a way of controlling this ftp traffic without marking packets? Thanks! Bye... msn: fredi_bieging@hotmail.com skype: fredibieging A mathematician is a machine for converting coffee into

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Remember my thread that I can''t FTP into my server? It seems that (well, what Tom has suggested) ip_conntrack_ftp and ip_nat_ftp weren''t loaded. I don''t know why in that particular machine mdk9.2 doesn''t load them by default, whereas in other machine they were loaded. I have put them in /etc/modules, and